[deliverable/linux.git] / crypto / asymmetric_keys / pkcs7_trust.c

/* Validate the trust chain of a PKCS#7 message.
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#define pr_fmt(fmt) "PKCS7: "fmt
#include <linux/kernel.h>
#include <linux/export.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/asn1.h>
#include <linux/key.h>
#include <keys/asymmetric-type.h>
#include "public_key.h"
#include "pkcs7_parser.h"

/**
 * Check the trust on one PKCS#7 SignedInfo block.
 */
static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
				    struct pkcs7_signed_info *sinfo,
				    struct key *trust_keyring)
{
	struct public_key_signature *sig = &sinfo->sig;
	struct x509_certificate *x509, *last = NULL, *p;
	struct key *key;
	bool trusted;
	int ret;

	kenter(",%u,", sinfo->index);

	if (sinfo->unsupported_crypto) {
		kleave(" = -ENOPKG [cached]");
		return -ENOPKG;
	}

	for (x509 = sinfo->signer; x509; x509 = x509->signer) {
		if (x509->seen) {
			if (x509->verified) {
				trusted = x509->trusted;
				goto verified;
			}
			kleave(" = -ENOKEY [cached]");
			return -ENOKEY;
		}
		x509->seen = true;

		/* Look to see if this certificate is present in the trusted
		 * keys.
		 */
		key = x509_request_asymmetric_key(trust_keyring, x509->id,
						  false);
		if (!IS_ERR(key)) {
			/* One of the X.509 certificates in the PKCS#7 message
			 * is apparently the same as one we already trust.
			 * Verify that the trusted variant can also validate
			 * the signature on the descendant.
			 */
			pr_devel("sinfo %u: Cert %u as key %x\n",
				 sinfo->index, x509->index, key_serial(key));
			goto matched;
		}
		if (key == ERR_PTR(-ENOMEM))
			return -ENOMEM;

		 /* Self-signed certificates form roots of their own, and if we
		  * don't know them, then we can't accept them.
		  */
		if (x509->next == x509) {
			kleave(" = -ENOKEY [unknown self-signed]");
			return -ENOKEY;
		}

		might_sleep();
		last = x509;
		sig = &last->sig;
	}

	/* No match - see if the root certificate has a signer amongst the
	 * trusted keys.
	 */
	if (last && last->authority) {
		key = x509_request_asymmetric_key(trust_keyring, last->authority,
						  false);
		if (!IS_ERR(key)) {
			x509 = last;
			pr_devel("sinfo %u: Root cert %u signer is key %x\n",
				 sinfo->index, x509->index, key_serial(key));
			goto matched;
		}
		if (PTR_ERR(key) != -ENOKEY)
			return PTR_ERR(key);
	}

	/* As a last resort, see if we have a trusted public key that matches
	 * the signed info directly.
	 */
	key = x509_request_asymmetric_key(trust_keyring,
					  sinfo->signing_cert_id,
					  false);
	if (!IS_ERR(key)) {
		pr_devel("sinfo %u: Direct signer is key %x\n",
			 sinfo->index, key_serial(key));
		x509 = NULL;
		goto matched;
	}
	if (PTR_ERR(key) != -ENOKEY)
		return PTR_ERR(key);

	kleave(" = -ENOKEY [no backref]");
	return -ENOKEY;

matched:
	ret = verify_signature(key, sig);
	trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
	key_put(key);
	if (ret < 0) {
		if (ret == -ENOMEM)
			return ret;
		kleave(" = -EKEYREJECTED [verify %d]", ret);
		return -EKEYREJECTED;
	}

verified:
	if (x509) {
		x509->verified = true;
		for (p = sinfo->signer; p != x509; p = p->signer) {
			p->verified = true;
			p->trusted = trusted;
		}
	}
	sinfo->trusted = trusted;
	kleave(" = 0");
	return 0;
}

/**
 * pkcs7_validate_trust - Validate PKCS#7 trust chain
 * @pkcs7: The PKCS#7 certificate to validate
 * @trust_keyring: Signing certificates to use as starting points
 * @_trusted: Set to true if trustworth, false otherwise
 *
 * Validate that the certificate chain inside the PKCS#7 message intersects
 * keys we already know and trust.
 *
 * Returns, in order of descending priority:
 *
 *  (*) -EKEYREJECTED if a signature failed to match for which we have a valid
 *	key, or:
 *
 *  (*) 0 if at least one signature chain intersects with the keys in the trust
 *	keyring, or:
 *
 *  (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
 *	chain.
 *
 *  (*) -ENOKEY if we couldn't find a match for any of the signature chains in
 *	the message.
 *
 * May also return -ENOMEM.
 */
int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
			 struct key *trust_keyring,
			 bool *_trusted)
{
	struct pkcs7_signed_info *sinfo;
	struct x509_certificate *p;
	int cached_ret = -ENOKEY;
	int ret;

	for (p = pkcs7->certs; p; p = p->next)
		p->seen = false;

	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
		ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
		switch (ret) {
		case -ENOKEY:
			continue;
		case -ENOPKG:
			if (cached_ret == -ENOKEY)
				cached_ret = -ENOPKG;
			continue;
		case 0:
			*_trusted |= sinfo->trusted;
			cached_ret = 0;
			continue;
		default:
			return ret;
		}
	}

	return cached_ret;
}
EXPORT_SYMBOL_GPL(pkcs7_validate_trust);
Commit	Line	Data
08815b62 DH	1	/* Validate the trust chain of a PKCS#7 message.
	2	*
	3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public Licence
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the Licence, or (at your option) any later version.
	10	*/
	11
	12	#define pr_fmt(fmt) "PKCS7: "fmt
	13	#include <linux/kernel.h>
	14	#include <linux/export.h>
	15	#include <linux/slab.h>
	16	#include <linux/err.h>
	17	#include <linux/asn1.h>
	18	#include <linux/key.h>
	19	#include <keys/asymmetric-type.h>
	20	#include "public_key.h"
	21	#include "pkcs7_parser.h"
	22
08815b62 DH	23	/**
	24	* Check the trust on one PKCS#7 SignedInfo block.
	25	*/
15155b9a DH	26	static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
	27	struct pkcs7_signed_info *sinfo,
	28	struct key *trust_keyring)
08815b62 DH	29	{
	30	struct public_key_signature *sig = &sinfo->sig;
	31	struct x509_certificate x509, last = NULL, *p;
	32	struct key *key;
	33	bool trusted;
	34	int ret;
	35
	36	kenter(",%u,", sinfo->index);
	37
41559420 DH	38	if (sinfo->unsupported_crypto) {
	39	kleave(" = -ENOPKG [cached]");
	40	return -ENOPKG;
	41	}
	42
08815b62 DH	43	for (x509 = sinfo->signer; x509; x509 = x509->signer) {
	44	if (x509->seen) {
	45	if (x509->verified) {
	46	trusted = x509->trusted;
	47	goto verified;
	48	}
	49	kleave(" = -ENOKEY [cached]");
	50	return -ENOKEY;
	51	}
	52	x509->seen = true;
	53
	54	/* Look to see if this certificate is present in the trusted
	55	* keys.
	56	*/
f1b731db DK	57	key = x509_request_asymmetric_key(trust_keyring, x509->id,
f1b731db DK	58	false);
757932e6	59	if (!IS_ERR(key)) {
08815b62 DH	60	/* One of the X.509 certificates in the PKCS#7 message
	61	* is apparently the same as one we already trust.
	62	* Verify that the trusted variant can also validate
	63	* the signature on the descendant.
	64	*/
757932e6 DH	65	pr_devel("sinfo %u: Cert %u as key %x\n",
757932e6 DH	66	sinfo->index, x509->index, key_serial(key));
08815b62	67	goto matched;
757932e6	68	}
08815b62 DH	69	if (key == ERR_PTR(-ENOMEM))
	70	return -ENOMEM;
	71
	72	/* Self-signed certificates form roots of their own, and if we
	73	* don't know them, then we can't accept them.
	74	*/
	75	if (x509->next == x509) {
	76	kleave(" = -ENOKEY [unknown self-signed]");
	77	return -ENOKEY;
	78	}
	79
	80	might_sleep();
	81	last = x509;
	82	sig = &last->sig;
	83	}
	84
	85	/* No match - see if the root certificate has a signer amongst the
	86	* trusted keys.
	87	*/
757932e6	88	if (last && last->authority) {
f1b731db DK	89	key = x509_request_asymmetric_key(trust_keyring, last->authority,
f1b731db DK	90	false);
757932e6 DH	91	if (!IS_ERR(key)) {
	92	x509 = last;
	93	pr_devel("sinfo %u: Root cert %u signer is key %x\n",
	94	sinfo->index, x509->index, key_serial(key));
	95	goto matched;
	96	}
	97	if (PTR_ERR(key) != -ENOKEY)
	98	return PTR_ERR(key);
08815b62 DH	99	}
08815b62 DH	100
757932e6 DH	101	/* As a last resort, see if we have a trusted public key that matches
	102	* the signed info directly.
	103	*/
	104	key = x509_request_asymmetric_key(trust_keyring,
f1b731db DK	105	sinfo->signing_cert_id,
f1b731db DK	106	false);
757932e6 DH	107	if (!IS_ERR(key)) {
	108	pr_devel("sinfo %u: Direct signer is key %x\n",
	109	sinfo->index, key_serial(key));
	110	x509 = NULL;
	111	goto matched;
	112	}
	113	if (PTR_ERR(key) != -ENOKEY)
	114	return PTR_ERR(key);
	115
	116	kleave(" = -ENOKEY [no backref]");
	117	return -ENOKEY;
08815b62 DH	118
	119	matched:
	120	ret = verify_signature(key, sig);
	121	trusted = test_bit(KEY_FLAG_TRUSTED, &key->flags);
	122	key_put(key);
	123	if (ret < 0) {
	124	if (ret == -ENOMEM)
	125	return ret;
	126	kleave(" = -EKEYREJECTED [verify %d]", ret);
	127	return -EKEYREJECTED;
	128	}
	129
	130	verified:
757932e6 DH	131	if (x509) {
	132	x509->verified = true;
	133	for (p = sinfo->signer; p != x509; p = p->signer) {
	134	p->verified = true;
	135	p->trusted = trusted;
	136	}
08815b62 DH	137	}
	138	sinfo->trusted = trusted;
	139	kleave(" = 0");
	140	return 0;
	141	}
	142
	143	/**
	144	* pkcs7_validate_trust - Validate PKCS#7 trust chain
	145	* @pkcs7: The PKCS#7 certificate to validate
	146	* @trust_keyring: Signing certificates to use as starting points
	147	* @_trusted: Set to true if trustworth, false otherwise
	148	*
	149	* Validate that the certificate chain inside the PKCS#7 message intersects
	150	* keys we already know and trust.
	151	*
	152	* Returns, in order of descending priority:
	153	*
	154	* (*) -EKEYREJECTED if a signature failed to match for which we have a valid
	155	* key, or:
	156	*
	157	* (*) 0 if at least one signature chain intersects with the keys in the trust
	158	* keyring, or:
	159	*
	160	* (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
	161	* chain.
	162	*
	163	* (*) -ENOKEY if we couldn't find a match for any of the signature chains in
	164	* the message.
	165	*
	166	* May also return -ENOMEM.
	167	*/
	168	int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
	169	struct key *trust_keyring,
	170	bool *_trusted)
	171	{
	172	struct pkcs7_signed_info *sinfo;
	173	struct x509_certificate *p;
41559420 DH	174	int cached_ret = -ENOKEY;
41559420 DH	175	int ret;
08815b62 DH	176
	177	for (p = pkcs7->certs; p; p = p->next)
	178	p->seen = false;
	179
	180	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = sinfo->next) {
	181	ret = pkcs7_validate_trust_one(pkcs7, sinfo, trust_keyring);
41559420 DH	182	switch (ret) {
	183	case -ENOKEY:
	184	continue;
	185	case -ENOPKG:
	186	if (cached_ret == -ENOKEY)
08815b62	187	cached_ret = -ENOPKG;
41559420 DH	188	continue;
	189	case 0:
	190	*_trusted \|= sinfo->trusted;
	191	cached_ret = 0;
	192	continue;
	193	default:
	194	return ret;
08815b62	195	}
08815b62 DH	196	}
	197
	198	return cached_ret;
	199	}
	200	EXPORT_SYMBOL_GPL(pkcs7_validate_trust);